{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2010-12-30T20:00:00Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://issues.jboss.org/browse/JBPAPP-5253"}, {"name": "1024840", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024840"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.jboss.org/browse/JBREM-1261"}, {"name": "RHSA-2010:0965", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0965.html"}, {"name": "RHSA-2010:0964", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0964.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660623"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:43:13.297Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.jboss.org/browse/JBPAPP-5253"}, {"name": "1024840", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1024840"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.jboss.org/browse/JBREM-1261"}, {"name": "RHSA-2010:0965", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0965.html"}, {"name": "RHSA-2010:0964", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0964.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660623"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4265", "state": "PUBLISHED", "dateReserved": "2010-11-16T00:00:00Z", "datePublished": "2010-12-30T20:00:00Z", "dateUpdated": "2024-08-07T03:43:13.297Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CE9D33-C47B-4781-98CF-39F47D5C6E7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp10:*:*:*:*:*:*", "matchCriteriaId": "47DAB8A9-8051-4F3A-BE0B-C25274569A39", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp11:*:*:*:*:*:*", "matchCriteriaId": "B0366492-7A9C-4EFB-8376-0872255E0818", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp2:*:*:*:*:*:*", "matchCriteriaId": "A3EACF37-083A-4A13-BAD0-92ED94A412EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp4:*:*:*:*:*:*", "matchCriteriaId": "AA1C34A8-4B0C-4F2D-B0EF-BD5511CE679D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp7:*:*:*:*:*:*", "matchCriteriaId": "C7CBE5D3-BDDB-4C1D-B0A2-DDDF3C80D1B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp8:*:*:*:*:*:*", "matchCriteriaId": "9C236E4B-9DCC-474D-90D0-2C61DE0C66E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6135AFA9-415D-4438-AFD6-829F457EDA35", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp1:*:*:*:*:*:*", "matchCriteriaId": "5991E822-E554-497A-9693-D0F3239ADC44", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp2:*:*:*:*:*:*", "matchCriteriaId": "EC3696E9-2702-41E4-9566-B55A6BEE9E9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp3:*:*:*:*:*:*", "matchCriteriaId": "21819E6B-4EFF-4832-AF46-751E9B964A91", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*", "matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*", "matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*", "matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*", "matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*", "matchCriteriaId": "197F047B-E11C-4B79-B6C4-79B2C278A33F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*", "matchCriteriaId": "CCE383FE-3C03-4B4F-A2E6-AD673F8A44FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp07:*:*:*:*:*:*", "matchCriteriaId": "62A85D7D-B60A-4566-BA4B-2F74E452C4EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp08:*:*:*:*:*:*", "matchCriteriaId": "08103F7B-E6BD-4688-B178-F4839B1CD434", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09:*:*:*:*:*:*", "matchCriteriaId": "FA7424BA-1E18-4267-9697-F4560BE75359", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "972C5C87-E982-44A5-866D-FDEACB5203B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC20F443-4918-46D2-8251-1C8F072B7733", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier."}, {"lang": "es", "value": "El m\u00e9todo org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run de JBoss Remoting 2.2.x anteriores a 2.2.3.SP4 y 2.5.x anteriores a 2.5.3.SP2 de la plataforma de aplicaciones Red Hat JBoss Enterprise (JBoss EAP o JBEAP) 4.3 hasta la 4.3.0.CP09 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) estableciendo un sesi\u00f3n TCP de conexi\u00f3n de control bisocket, y no enviando ning\u00fan dato de aplicaci\u00f3n. Vulnerabilidad relacionada con un parche olvidado de CVE-2010-3862. NOTA: puede ser considerada un duplicado del CVE-2010-3862 porque un parche olvidado no deber\u00eda tener asignado un identificador CVE."}], "id": "CVE-2010-4265", "lastModified": "2023-11-07T02:06:15.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-30T21:00:02.017", "references": [{"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1024840"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0964.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0965.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660623"}, {"source": "secalert@redhat.com", "url": "https://issues.jboss.org/browse/JBPAPP-5253"}, {"source": "secalert@redhat.com", "url": "https://issues.jboss.org/browse/JBREM-1261"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0965", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0964", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.3-4.SP3.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0964", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.3-4.SP3.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-08T00:00:00Z"}], "bugzilla": {"description": "jboss-remoting: missing fix for CVE-2010-3862", "id": "660623", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660623"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier."], "name": "CVE-2010-4265", "public_date": "2010-12-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-4265\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4265"], "threat_severity": "Low"}